Protecting our brand from a global spyware provider

May 1st, 2013

A recent report by Citizen Lab uncovered that commercial spyware produced by Gamma International is designed to trick people into thinking it’s Mozilla Firefox. We’ve sent Gamma a cease and desist letter today demanding that these illegal practices stop immediately.

As an open source project trusted by hundreds of millions of people around the world, defending Mozilla’s trademarks from this type of abuse is vital to our brand, our users and the continued success of our mission. Mozilla has a longstanding history of protecting users online and was named the Most Trusted Internet Company for Privacy in 2012 by the Ponemon Institute. We cannot abide a software company using our name to disguise online surveillance tools that can be – and in several cases actually have been – used by Gamma’s customers to violate citizens’ human rights and online privacy.

It’s important to note that the spyware does not affect Firefox itself, either during the installation process or when it is operating covertly on a person’s computer or mobile device. Gamma’s software is entirely separate, and only uses our brand and trademarks to lie and mislead as one of its methods for avoiding detection and deletion.

Through the work of the Citizen Lab research team, we believe Gamma’s spyware tries to give users the false impression that, as a program installed on their computer or mobile device, it’s related to Mozilla and Firefox, and is thus trustworthy both technically and in its content. This is accomplished in two ways:

When a user examines the installed spyware on his/her machine by viewing its properties, Gamma misrepresents its program as “Firefox.exe” and includes the properties associated with Firefox along with a version number and copyright and trademark claims attributed to “Firefox and Mozilla Developers.”

For an expert user who examines the underlying code of the installed spyware, Gamma includes verbatim the assembly manifest from Firefox software.

The Citizen Lab research team has provided us with samples from the following three instances that demonstrate how this misuse of our brand, trademarks and public trust is a designed feature of Gamma’s spyware products and not unique to a single customer’s deployment:

A spyware attack in Bahrain aimed at pro-democracy activists;

The recent discovery of Gamma’s spyware apparently in use amidst Malaysia’s upcoming General Elections; and

A promotional demo produced by Gamma.

Each sample demonstrates the exact same pattern of falsely designating the installed spyware as originating from Mozilla. Gamma’s own brochures and promotional videos tout one of the essential features of its surveillance software is that it can be covertly deployed on the person’s system and remain undetected.

Unfortunately, Mozilla is no stranger to the misuse of our brand. We’ve fought against companies that use our trademarks to deceive users into downloading malware, providing personal information or paying for Firefox, sometimes in a highly organized and syndicated fashion. Not only are these activities illegal, but we take them seriously because they are deceptive, harm users, cause consumer confusion, and jeopardize Mozilla’s reputation.